REST API authentication uses JSON web tokens to provide a mechanism to authenticate users and applications against a REST API. Tokens can be granted on the command line or through an endpoint and then provided as part of the Authorization header when making future requests.
To set up basic authentication, you can use New-UDAuthenticationMethod with Start-UDRestApi. Pass a new authentication method to the -AuthenticationMethod parameter of Start-UDRestApi.
The REST API is now protected from requests that do not contain a valid Bearer token. To generate a token for the API, you can use Grant-UDJsonWebToken.
$Token = Grant-UDJsonWebToken -UserName 'Adam'
The token can then be used with Invoke-RestMethod or another HTTP tool as part of the headers.
New-UDAuthenticationMethod offers several configuration options that provide additional security when configuring the protection for a REST API. You will want to override the -SigningKey parameter, which defaults to default_signing_key. The signing key is what proves that a token was issued for your API, so it should not be left at a value that every installation shares. Changing this value ensures that the signing key is unique for your REST API.
To enable authentication through the REST API, you can specify an endpoint-based authentication method with New-UDAuthenticationMethod. When you specify the result of New-UDAuthenticationResult, you can include a token that the user can then use for Bearer authentication for other REST API calls. The endpoint will receive a PSCredential object that you can then use to authenticate by whatever means is necessary.
Grant-UDJsonWebToken provides several configuration options for tokens. You can specify expiration as well as user names. The default expiration is 1 year. User names are available within UDEndpoints by using the $User variable.
Web tokens can include any set of information that you want to include with the user's token by specifying a hashtable and providing it to the -Payload parameter. You can then use ConvertTo-UDJsonWebToken to convert a string representation of a JSON web token to an object.
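The following check is an added example, not code from the original page or from Universal Dashboard: it audits a token for the two defaults described above, the default_signing_key signing key and the one-year expiration. It assumes tokens are signed with HS256 using the UTF-8 bytes of the signing key; the function names, the 30-day limit and the sample token's claims are hypothetical.

```powershell
# Added example, not Universal Dashboard code. Assumes HS256 tokens keyed with the
# UTF-8 bytes of the signing key; all function names below are hypothetical.
function ConvertFrom-Base64Url {
    param([string]$Text)
    $s = $Text.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) { 2 { $s += '==' } 3 { $s += '=' } }
    , ([Convert]::FromBase64String($s))   # leading comma keeps the byte[] intact
}

function ConvertTo-Base64Url {
    param([byte[]]$Bytes)
    [Convert]::ToBase64String($Bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}

function Get-HS256Signature {
    param([string]$SigningInput, [string]$Key)
    $hmac = [System.Security.Cryptography.HMACSHA256]::new([Text.Encoding]::UTF8.GetBytes($Key))
    try { ConvertTo-Base64Url ($hmac.ComputeHash([Text.Encoding]::ASCII.GetBytes($SigningInput))) }
    finally { $hmac.Dispose() }
}

function Test-JwtAgainstPolicy {
    param([string]$Token, [string]$WeakKey = 'default_signing_key', [int]$MaxDays = 30)
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw 'Not a compact JWT (expected three dot-separated parts).' }
    $header  = [Text.Encoding]::UTF8.GetString((ConvertFrom-Base64Url $parts[0])) | ConvertFrom-Json
    $payload = [Text.Encoding]::UTF8.GetString((ConvertFrom-Base64Url $parts[1])) | ConvertFrom-Json
    # Recompute the signature under the default key and compare with the token's own.
    $expected = Get-HS256Signature -SigningInput ($parts[0] + '.' + $parts[1]) -Key $WeakKey
    $daysLeft = $null
    if ($payload.exp) {
        $expiry   = [DateTimeOffset]::FromUnixTimeSeconds([long]$payload.exp)
        $daysLeft = [math]::Round(($expiry - [DateTimeOffset]::UtcNow).TotalDays, 1)
    }
    [pscustomobject]@{
        Algorithm         = $header.alg
        SignedWithDefault = ($header.alg -eq 'HS256') -and ($expected -ceq $parts[2])
        DaysUntilExpiry   = $daysLeft
        LifetimeTooLong   = ($null -eq $daysLeft) -or ($daysLeft -gt $MaxDays)
    }
}

# Constructed sample: signed with the default key and expiring in one year (the two
# defaults this page describes), built locally so the check runs offline.
$h   = ConvertTo-Base64Url ([Text.Encoding]::UTF8.GetBytes('{"alg":"HS256","typ":"JWT"}'))
$exp = [DateTimeOffset]::UtcNow.AddYears(1).ToUnixTimeSeconds()
$p   = ConvertTo-Base64Url ([Text.Encoding]::UTF8.GetBytes('{"sub":"Adam","exp":' + $exp + '}'))
$sample = $h + '.' + $p + '.' + (Get-HS256Signature -SigningInput ($h + '.' + $p) -Key 'default_signing_key')
Test-JwtAgainstPolicy -Token $sample
```

To audit a real deployment, pass a token issued by your own API instead of the constructed sample. A False value for SignedWithDefault is only meaningful if the HS256 assumption holds for your version, so confirm the Algorithm field first.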